Defense Trade Compliance Glenn E. Smith Chief, Enforcement Division Office of Defense Trade Controls Compliance “Partnering for Compliance” East Coast Conference February 23-25, 2011 Orlando, Florida Presentation Topics • Organization of Compliance at State • Civil Enforcement Trends • Consent Agreements • Voluntary Disclosures • Compliance Tips • How Industry can Assist 2 Organization of Compliance at State Compliance & Registration Division Dan Cook, Chief Lisa Studtmann, Director Greg Slavens ICE Liaison Daniel Buzby, Deputy Director Orlando Odom FBI Liaison Enforcement Division Glenn Smith, Chief Research & Analysis Division Ed Peartree, Chief • Registration of manufacturers, exporters & brokers • Voluntary & directed disclosures • ‘Blue Lantern’ end-use monitoring program • Company Mergers & Acquisitions • Civil enforcement actions: charging letters & consent agreements, policies of denial, debarments, transaction exceptions and reinstatements • Watch List screening & maintenance • Company Visit Program • Consent Agreement Monitoring • PM lead on CFIUS • Support to the law enforcement community for criminal enforcement • Compliance Report • Intelligence research projects • AECA Section 3 reports to Congress 3 Civil Enforcement Trends (FY10) Voluntary Disclosures • Over 1200 voluntary disclosures of civil violations by industry – Rate consistent with 2009 figures . 10% increase from FY08 and over a 100% increase from FY06 – industry more focused on compliance and willing to disclose – industry establishing internal auditing-but additional focus is needed – “due diligence” as part of mergers & acquisitions – effect of consent agreements & fines – expansion of USG compliance education & outreach efforts • “Company Visit Program” – DDTC • “Project Shield America” – DHS/ICE • “Domain Program” – FBI 4 Civil Enforcement Trends (FY10) Directed Disclosures • 58 directed disclosures issued by DTCC – Approximately half of 2009 figures. – disclosures increasingly more focused and remedial actions imposed – better to disclose voluntarily than under direction 5 Civil Enforcement Trends (FY10) Disclosure Violations • Nature or pattern of violations appears not to have changed from previous years: – unauthorized export of hardware, data or services – exceeding scope of license approval – foreign person employment (you and your subcontractors) – improper use of exemptions – exceeding dollar value of agreements (TAAs and MLAs) – violating provisos and other conditions of approval – misclassification of hardware/technical data 6 Civil Enforcement - Disclosure Review • Harm to U.S. foreign policy or national security • Adherence to law, regulations and DDTC’s licensing and compliance policies • Severity of violation (minor or substantive, procedural or judgmental, once or repeated, unique or systemic) • Company’s approach & commitment to compliance • Implementation of remedial measures • Improvement of company’s compliance program 7 Civil Enforcement What violations prompt civil penalties? • Harm to U.S. National Security or Foreign Policy Interests • Undermine the integrity of the legal and regulatory system 8 Civil Enforcement Trends (FY10) Consent Agreements Consent Agreements - Since 2003 • • • • 25 consent agreements Fines over $180 million Remedial Measures Reporting and Oversight 9 Causes of Violations • Compliance program is not well established. • Program lacks organization and oversight. • Insufficient resources (human and financial) to insure effective compliance. • Training not systemic or tailored. • No internal audit or periodic review to assess program. 10 Causes of Violations • Record-keeping of all elements of defense trade activity is insufficient or not centralized to track activity from beginning to end. • Program has not evolved to account for change or growth in company’s regulated business activity (e.g., mergers & acquisitions). • Compliance program is outdated and does not reflect current regulations and relevant procedures. 11 Fines & Penalties Civil Violations of the AECA & ITAR • $500,000 for each violation • Extra compliance measures • Debarment (Remember: Successor liability applies after merger/acquisition.) Criminal Violations of the AECA & ITAR • $1 million for each violation • 20 years imprisonment (see latest Iranian Sanctions Legislation) Increase from 10 to 20 years • Debarment 12 Consent Agreements Violations Charged Common Violations in Consent Agreements • • • • • • • Omissions of material facts and false statements Unauthorized exports of articles and services Violating terms of an authorization Classified exports in violation of the ITAR Record-keeping Unauthorized Proposals to §126.1 countries Misclassification of hardware and technical data 13 Consent Agreements Lessons Learned What drives these violations? • • • • • • • Lack of corporate commitment Insufficient ITAR training Unclear policies/procedures Poor record keeping/tracking systems Insufficient resources Poor or non-existing audit procedures Lax security – IT and classified handling Understanding the root causes of a violation is key to preventing future violations! 14 Voluntary Disclosure: Areas of Increased Attention Voluntary Disclosures • Who was involved and how were decisions made. (Key focus for DTCC.) • Provide the who, what, when and how. • Follow ITAR §127.12(c)(2) and provide all the required information. • DTCC is as concerned about how a violation occurred as well as that it happened. • Use of passive voice and vague descriptions do not satisfy disclosure requirements in the ITAR. 15 Voluntary Disclosure: Areas of Increased Attention Voluntary Disclosures • Corrective actions implemented or to be implemented to ensure the violations do not occur again. • Provide copies of manuals and or procedures. • Provide evidence of training. • Provide evidence that procedures are being implemented effectively. 16 Voluntary Disclosure: Areas of Increased Attention Remember: • Technology derived from U.S. technology remains controlled under the ITAR. • Disclosures involving repeat violations where “remediation” already claimed to have been implemented needs explanation. • Disclosures are not data dumps – submissions should be organized and tell the story. 17 Key Elements of Compliance Manual Internal compliance document should address: 1. Organizational structure 2. Resources dedicated to export control 3. Contracts/marketing screening 4. Non-U.S. person employment 5. Physical security of the ITAR facility 6. Network security 7. License preparation 8. Use of exemptions 9. Foreign travel 10. Foreign visitors 11. Record keeping 12. Reporting 13. License maintenance 14. Actual shipping processes 15. ITAR training 16. Internal monitoring and audits 17. Voluntary disclosures and discovery of export violations 18. Violations and penalties 18 Compliance Tips • Establish senior level commitment to strict adherence to all export control laws and regulations • Establish and maintain and effective export compliance program • Involve all elements of the business – legal, marketing, travel, personnel, etc… all play a role • Establish a “culture of compliance” to ensure these procedures are followed 19 Compliance Tips • Self-audit to identify problems and correct weaknesses • Keep your program up to date with regulatory changes and changes in your business • Establish training requirements tailored to job responsibilities and risk • Recognize that there are no shortcuts • Network with others in the industry to learn from them 20 Compliance Tips • Establish Clear and Open Communication with Partners Before and After License Approvals: o Ensure complete and accurate information o Ensure changes in use/retransfers are authorized • Understand limitations of authorizations • Due diligence on foreign parties is not difficult • Identify and resolve “warning flags” before submitting application • Knowing your foreign parties is in your best interest 21 Compliance Tips • An inventory control system to track whereabouts of defense articles through final delivery • Remind and educate the end-user of their obligations under the ITAR • Notify the State Department if you receive derogatory information on end-user or foreign consignees after license approval 22 Compliance Tips • Vet parties using public lists of the regulatory agencies: State, Commerce, and OFAC. Refer to the Excluded Parties List System administered by the General Services Administration • Enhance IT security. Prevent cyber attacks by implementing the appropriate encryption and firewall systems. Report events to DTCC in voluntary disclosure 23 Management Should Remember • The importance of export compliance to our national security and foreign policy interest is great • Enforcement is improving - more information on violations coming in as leads and tips have grown • Government’s ability to investigate and use information is improving – cooperation is real. • Claims of ignorance or surprise at violations is harder to argue with any credibility. • Strict liability applies - a heavy burden and cost when not done correctly. Licensor is responsible for nearly 24 all aspects of export transactions. How Industry Can Assist Enforcement Efforts • Good compliance means self-enforcement • Industry has more eyes and ears available to uncover suspected violations • Industry has greater access to useful information regarding compliance issues • Industry has been instrumental in sensitizing and educating suppliers and vendors • Willingness by industry to share and publish best practices with other members of the community 25 Why Share Information with DTCC • It’s the right thing to do • To protect and secure our national security • Maintain level playing field and prevent unfair advantage • Protect proprietary information and maintain competitive technology lead 26 How Leads and Information are Provided to DTCC • • • • • • Phone calls Letters (to include anonymous) Emails Fax Conversations (including conferences) Hand written note on 3x5 cards 27 How is the Information Used? • Used within DTCC to support administrative/civil investigations • If warranted, we will share with DHS/ICE, FBI or the Department of Justice for potential criminal investigation or intelligence reporting. 28 How is the Information Handled? How is the information handled? -We will only share internally within the U.S. Government. 29 Examples of Leads Provided to DTCC 1. Fabrication of TAA and approval letter. 2. Deliberately deleting export control statement and company logo on technical drawings-then exporting w/o authorization. 3. Deliberately allowing foreign persons access to facility, technical data and exporting hardware w/o a license. 4. Deliberately conducting technical discussions with foreign person while license was pending with DDTC. 5. Competitor shipping identical hardware to proscribed destination. 30 Leads, tips or questions on compliance and enforcement • Glenn Smith Chief, Enforcement Division 202-632-2799 31 Suggested Reading • Arms Export Control Act (AECA), Sections 38-40 (22 U.S.C. 2778-2780) (P.L. 90-629) • International Traffic in Arms Regulations (22 CFR 120-130) • • • • • • • • • • • Definitions U.S. Munitions List Registration Licenses Agreements Technical Data Policies & Provisions Compliance Brokering Contributions, Fees & Commissions 120 121 122 123 124 125 126 127 & 128 129 130 DDTC’s website: www.pmddtc.state.gov 32 Useful Information • U.S. Department of State Directorate of Defense Trade Controls • • • • Website: www.pmddtc.state.gov Response Team Telephone Number: • 202-663-1282 • • Response Team E-mail: DDTCResponseTeam@state.gov 33